python-social-auth logs into 3rd party service (like facebook) along with logging into my app

StackOverflow https://stackoverflow.com/questions/23644952

  •  22-07-2023

Question

I am trying out python-social-auth with Django to use Facebook auth so I do not have to avoid user registration. It works well. However, when I log out, it just logs out of the app, but not out of the 3rd party service (like Facebook). The problem is that someone else can come in and type facebook.com and get into the user's account. The user did not log into Facebook; they are logging into my app. They should not have to log out of Facebook as well, since they specifically did not log into Facebook, but rather logged in only to my app.

When I click logout, how can I log out of Facebook as well? Actually, my real question is: how would I use Facebook with python-social-auth just to log into my app and not Facebook? The existing behaviour seems like a bad idea.

settings.py:

SOCIAL_PIPELINE = (
    'social.backends.pipeline.social.social_user',
    'social.backends.pipeline.associate.associate_by_email',
    'social.backends.pipeline.user.create_user',
    'social.backends.pipeline.social.associate_user',
    'social.backends.pipeline.social.load_extra_data',
    'social.backends.pipeline.user.update_user_details',
)

Solution

I faced the same issue earlier, but at that time I was using django_allauth. You can't log out of Facebook when your app logs out. I don't know django-social-auth, but this answer may be useful:

Python Social Auth NotAllowedToDisconnect at /disconnect/facebook/1/

But I solved the issue my own way using the Facebook graph:

function logout_social() {
    FB.logout(function(response) {          // for facebook logout
        window.location.href = '/logout';   // for my app logout
    });
}

How to logout the facebook using django-allauth?
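
An added example, not part of the original answer: a more defensive variant of the logout_social function above that ends the app session even when the Facebook SDK is missing, the user is not connected to Facebook, or the SDK never calls back. FB.getLoginStatus and FB.logout are Facebook JS SDK calls; logoutSocial, endAppSession and timeoutMs are hypothetical names.

```javascript
// Added example. fb is the Facebook JS SDK object (window.FB in a browser),
// or undefined if the SDK never loaded. endAppSession is a hypothetical
// callback that ends the local session, for instance
//   (fbLoggedOut) => { window.location.href = '/logout'; }
function logoutSocial(fb, endAppSession, timeoutMs = 3000) {
  return new Promise((resolve) => {
    let done = false;
    const finish = (facebookLoggedOut) => {
      if (done) return;              // timer and SDK callback may both fire
      done = true;
      clearTimeout(timer);
      endAppSession(facebookLoggedOut); // the app session always ends
      resolve(facebookLoggedOut);
    };
    // If the SDK never answers (blocked script, network error),
    // still log out of the app after timeoutMs.
    const timer = setTimeout(() => finish(false), timeoutMs);

    if (!fb || typeof fb.getLoginStatus !== 'function') {
      finish(false);                 // SDK absent: only the app logout can run
      return;
    }
    try {
      fb.getLoginStatus((response) => {
        if (response && response.status === 'connected') {
          // FB.logout needs an active login, so call it only when connected.
          fb.logout(() => finish(true));
        } else {
          finish(false);
        }
      });
    } catch (err) {
      finish(false);                 // SDK threw: do not leave the app session open
    }
  });
}
```

In a page this would be wired to the logout button as `logoutSocial(window.FB, () => { window.location.href = '/logout'; })`.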

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow